Subversion Repositories cheapmusic

Rev

Rev 120 | Rev 122 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log | RSS feed 

<?php
include_once ('php/clsLibGTIN.php');
include_once ('php/constants.php');

error_reporting(E_ALL);

// add new entry to wishlist
function addWishlist($uid, $wlArr) {
    $nul = 'NULL';
    $conn = MySessionHandler::getDBSessionId();

    $created = mysqli_real_escape_string($conn, time());
    $modified = $created;

    $uid = mysqli_real_escape_string($conn, $uid);
    $mid = isset($wlArr->{'mid'}) ? mysqli_real_escape_string($conn, $wlArr->{'mid'}) : "";
    $rid = isset($wlArr->{'rid'}) ? mysqli_real_escape_string($conn, $wlArr->{'rid'}) : "";
    $asin = isset($wlArr->{'asin'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'asin'}) . "'" : "NULL";
    $barcode = (empty($wlArr->{'barcode'}) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr->{'barcode'}) . "'");
    $title = isset($wlArr->{'title'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'title'}) . "'" : "NULL";
    $artist = isset($wlArr->{'artist'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'artist'}) . "'" : "NULL";
    $cond = 'Any';
    $format = 'Any';
    $currency = 'USD'; //bugbug
    $price = 'NULL';
    $url = isset($wlArr->{'url'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'url'}) . "'" : "NULL";
    $thumbnail = isset($wlArr->{'thumbnail'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'thumbnail'}) . "'" : "NULL";
    $ip = inet_pton($_SERVER['REMOTE_ADDR']);

    $sql = "INSERT
            INTO wishlist
            (id, created, ip, modified, uid, mid, rid, asin, barcode, title, artist, cond, format, currency, price, url, thumbnail)
            VALUES (NULL, '$created', '$ip', '$modified', '$uid', '$mid', '$rid', " . $asin . ", " . $barcode . ", " . $title . ", " . $artist . ", '$cond', '$format', '$currency', '$price', " . $url . ", " . $thumbnail . ")";

    if ($result = mysqli_query($conn, $sql)) {
        return 0;
    }
    else {
        $error = mysqli_errno($conn);
        if ($error == 1062) {
            return 1;
        }
        else {
            error_log("MySQL Read Wishlist SQL: " . $sql);
            error_log("MySQL Read Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");
            return -1;
        }
    }

    return -1;
}

function checkWishlist($type, $id) {
    $conn = MySessionHandler::getDBSessionId();
    if ($type == "master") {
        $colName = "mid";
    } else if ($type == "release") {
        $colName = "rid";
    } else if ($type == "asin") {
        $colName = "asin";
    }

    $uid = mysqli_real_escape_string($conn, $_SESSION['sessData']['userID']);

    $sql = "SELECT id
            FROM wishlist
            WHERE uid = '$uid' and $colName = '$id'";

    if ($result = mysqli_query($conn, $sql)) {
        if (mysqli_num_rows($result) > 0) {
            return true;
        }
    }
    else if (mysqli_errno($conn)) {
        error_log("MySQL Check Wishlist SQL: " . $sql);
        error_log("MySQL Check Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");
        return true;
    }

    return false;
}

function getWishlist() {
    if (!isLoggedIn()) {
        return ('<div class="container bg-warning text-center py-3"><p class="display-6"><i class="material-icons">error_outline</i> Please login to your Find Cheap Music account in order to maintain the wishlist.</p></div>');
    }

    $str = '';
    $conn = MySessionHandler::getDBSessionId();

    $uid = $_SESSION['sessData']['userID'];

    $sql = "SELECT *
            FROM wishlist
            WHERE uid = '$uid'";

    if ($result = mysqli_query($conn, $sql)) {
        if (mysqli_num_rows($result) > 0) {
            $str .= "<div class=\"container\">";
            $str .= "<div class=\"input-group mt-3\">";
            $str .= "<div class=\"input-group-prepend\">";
            $str .= "<span class=\"input-group-text\"><i class=\"material-icons\">search</i></span>";
            $str .= "</div>";
            $str .= "<input type=\"text\" class=\"form-control\" id=\"tableFilter\" placeholder=\"Search for..\" aria-label=\"Search for entry\" />";
            $str .= "<div class=\"input-group-append\" id=\"tableFilterButton\">";
            $str .= "<button id=\"tableFilterReset\" type=\"button\" class=\"btn rounded\"><i class=\"material-icons\">cancel_presentation</i></button>";
            $str .= "</div>";
            $str .= '<script nonce="' . base64_encode($_SESSION["nonce"]) .'">';
            $str .= 'document.addEventListener("DOMContentLoaded", function() {';
            $str .= '   document.getElementById("tableFilter").addEventListener("keyup", function() {';
            $str .= '        filterWishlist();';
            $str .= '   });';
            $str .= '   document.getElementById("tableFilterReset").addEventListener("click", function() {';
            $str .= '        document.getElementById("tableFilter").value = "";';
            $str .= '        filterWishlist();';
            $str .= '   });';
            $str .= '});';
            $str .= '</script>';
            $str .= "</div>";

            $str .= "<form method=\"post\" action=\"/index.php\">";
            $str .= "<input type=\"hidden\" name=\"sessionTab\" value=\"" . MySessionHandler::getSessionTab() . "\" />";
            $str .= "<input id=\"discogsTitle\" type=\"hidden\" name=\"discogsTitle\" value=\"\" />";
            $str .= "<input id=\"discogsArtist\" type=\"hidden\" name=\"discogsArtist\" value=\"\" />";
            $str .= "<input id=\"discogsBarcode\" type=\"hidden\" name=\"discogsBarcode\" value=\"\" />";
            $str .= "<div class=\"table\">";
            $str .= "<table id=\"wishlistTable\" class=\"table table-striped table-condensed table-hover small bg-info\">";
            $str .= "<thead class=\"thead-dark table-header-sticky\">";
            $str .= "<tr><th></th>";
            $str .= "<th id=\"sortColumn1\" class=\"text-left cursor-pointer\"><span class=\"nowrap\">Artist <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";
            $str .= "<th id=\"sortColumn2\" class=\"text-left cursor-pointer\"><span class=\"text-nowrap\">Title <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";
            $str .= "<th id=\"sortColumn3\" class=\"d-none\"></th>";
            $str .= "<th id=\"sortColumn4\" class=\"cursor-pointer hide-medium hide-small\"><span class=\"text-nowrap\">Barcode <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";
            $str .= "<th id=\"sortColumn5\" class=\"cursor-pointer hide-small\"><span class=\"text-nowrap\">Condition <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";
            $str .= "<th id=\"sortColumn6\" class=\"cursor-pointer hide-small\"><span class=\"text-nowrap\">Format <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";
            $str .= "<th class=\"d-none\">Ceiling Price Number</th>";
            $str .= "<th id=\"sortColumn7\" class=\"cursor-pointer\"><span class=\"text-nowrap\">Price <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";
            $str .= "<th></th><th class=\"d-none\"></th></tr></thead>";
            $str .= '<script nonce="' . base64_encode($_SESSION["nonce"]) .'">';
            $str .= 'document.addEventListener("DOMContentLoaded", function() {';
            $str .= '   document.getElementById("sortColumn1").addEventListener("click", function() {';
            $str .= '        sortTable("wishlistTable", 1, "text");';
            $str .= '   });';
            $str .= '   document.getElementById("sortColumn2").addEventListener("click", function() {';
            $str .= '        sortTable("wishlistTable", 2, "text");';
            $str .= '   });';
            $str .= '   document.getElementById("sortColumn4").addEventListener("click", function() {';
            $str .= '        sortTable("wishlistTable", 4, "text");';
            $str .= '   });';
            $str .= '   document.getElementById("sortColumn5").addEventListener("click", function() {';
            $str .= '        sortTable("wishlistTable", 5, "text");';
            $str .= '   });';
            $str .= '   document.getElementById("sortColumn6").addEventListener("click", function() {';
            $str .= '        sortTable("wishlistTable", 6, "text");';
            $str .= '   });';
            $str .= '   document.getElementById("sortColumn7").addEventListener("click", function() {';
            $str .= '        sortTable("wishlistTable", 7, "numeric");';
            $str .= '   });';
            $str .= '});';
            $str .= '</script>';
            $str .= "<tbody>";

            while ($row = mysqli_fetch_assoc($result)) {
                $artist = (empty($row["artist"]) ? "Various" : sanitizeInput2($row["artist"]));
                $altText = "Image for " . sanitizeInput2($row['title']) . " by " . $artist;
                $price = print_monetary($row['price'], $row['currency']);
                $searchTitle = 'Searching for:<br><br><strong>' . sanitizeInput2($row['title']) . " by " . $artist;
                if ($row['barcode'] !== null) {
                    $searchTitle .= " (" . displayBarcode($row['barcode']) . ")";
                }
                $searchTitle .= "</strong>";

                $str .= "<tr>";
                $str .= "<td><img class=\"img-fluid wl-img lazyload\" src=\"data:image/png;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs=\" data-src=\"" . $row["thumbnail"] . "\" alt=\"" . $altText . "\" /></td>";
                $str .= "<td>$artist</td>";
                $str .= "<td>" . $row['title'] . "</td>";
                $str .= "<td class=\"d-none\">" . $row['barcode'] . "</td>";
                $str .= "<td class=\"hide-medium hide-small\">" . displayBarcode($row['barcode']) . "</td>";
                $str .= "<td class=\"hide-small\">" . $row['cond'] . "</td>";
                $str .= "<td class=\"hide-small\">" . $row['format'] . "</td>";
                $str .= "<td class=\"d-none\">" . $row['price'] . "</td>";
                $str .= "<td>" . $price . "</td>";
                $str .= "<td><span class=\"text-nowrap\"><button id=\"wlEditBtn" . $row['id'] . "\" class=\"btn rounded px-1\" type=\"button\" data-toggle=\"tooltip\" title=\"Edit\" aria-label=\"Edit Entry\"><i class=\"material-icons\">edit</i></button>";
                $str .= "<button id=\"wlDeleteBtn" . $row['id'] . "\" class=\"btn rounded px-1\" type=\"button\" data-toggle=\"tooltip\" title=\"Delete\" aria-label=\"Delete Entry\"><i class=\"material-icons\">cancel_presentation</i></button>";
                $str .= "<a class=\"btn rounded px-1\" role=\"button\" data-toggle=\"tooltip\" title=\"Information\" aria-label=\"Information for Entry\" href=\"" . htmlentities($row['url']) . "\" target=\"_blank\" rel=\"noreferrer noopener\"><i class=\"material-icons\">info_outline</i></a>";
                $str .= "<button id=\"wlSearchBtn" . $row['id'] . "\" type=\"submit\" name=\"submit\" value=\"discogsSearch\" class=\"btn rounded px-1\"><i class=\"material-icons\" title=\"Search for Store Offers\" aria-label=\"Search Store Offers for Entry\" data-toggle=\"tooltip\">search</i></button></span></td>";
                $str .= "<td class=\"d-none\" id=\"wlIdRow" . $row['id'] . "\"></td>";

                $str .= '<script nonce="' . base64_encode($_SESSION["nonce"]) .'">';
                $str .= 'document.addEventListener("DOMContentLoaded", function() {';
                $str .= '       document.getElementById("wlEditBtn' . $row['id'] . '").addEventListener("click", function() {';
                $str .= '        editWishlist("' . $row["id"] . '", document.getElementById("wlEditBtn' . $row['id'] . '"));';
                $str .= '       });';
                $str .= '       document.getElementById("wlDeleteBtn' . $row['id'] . '").addEventListener("click", function() {';
                $str .= '        deleteWishlist("' . $row["id"] . '", document.getElementById("wlDeleteBtn' . $row['id'] . '"),"' . sanitizeInput2($row['title']) . '","' . $artist . '");';
                $str .= '       });';
                $str .= '       document.getElementById("wlSearchBtn' . $row['id'] . '").addEventListener("click", function() {';
                $str .= '        document.getElementById("discogsTitle").value = "' . sanitizeInput2($row["title"]) . '";';
                $str .= '        document.getElementById("discogsArtist").value = "' . sanitizeInput2($row['artist']) . '";';
                $str .= '        document.getElementById("discogsBarcode").value = "' . sanitizeInput2($row['barcode']) . '";';
                $str .= '        progressBar("' . $searchTitle . '");';
                $str .= '       });';
                $str .= '});';
                $str .= '</script>';

                $str .= "</tr>";
            }

            $str .= "</tbody>";
            $str .= "</table>";
            $str .= "</div>";
            $str .= "</form>";

            $str .= '<div class="modal fade" id="editWishlistModal">';
            $str .= '    <div class="modal-dialog">';
            $str .= '        <div class="modal-content">';
            $str .= '            <div class="modal-header bg-primary">';
            $str .= '                <p class="modal-title display-6">Edit Wishlist Entry</p>';
            $str .= '            </div>';
            $str .= '            <span class="mt-0" id="wlMsg"></span>';
            $str .= '            <input type="hidden" name="sessionTab" value="' . MySessionHandler::getSessionTab() . '" />';
            $str .= '            <input type="hidden" name="wlId" id="wlId" />';
            $str .= '            <div class="modal-body">';
            $str .= '                <div class="form-group">';
            $str .= '                    <label for="wlArtist">Artist:</label>';
            $str .= '                    <input type="text" class="form-control" id="wlArtist" />';
            $str .= '                </div>';
            $str .= '                <div class="form-group">';
            $str .= '                    <label for="wlTitle">Title:</label>';
            $str .= '                    <input type="text" class="form-control" id="wlTitle" />';
            $str .= '                </div>';
            $str .= '                <div class="form-group">';
            $str .= '                    <label for="wlBarcode">Barcode:</label>';
            $str .= '                    <input type="text" class="form-control" id="wlBarcode" />';
            $str .= '                </div>';
            $str .= '                <div class="form-group">';
            $str .= '                    <label for="wlCond">Condition:</label>';
            $str .= '                    <select class="form-control" id="wlCond">';
            $str .= '                    <option>Any</option>';
            $str .= '                    <option>New</option>';
            $str .= '                    <option>Used</option>';
            $str .= '                    </select>';
            $str .= '                </div>';
            $str .= '                <div class="form-group">';
            $str .= '                    <label for="wlFormat">Format:</label>';
            $str .= '                    <select class="form-control" id="wlFormat">';
            $str .= '                    <option>Any</option>';
            $str .= '                    <option>CD</option>';
            $str .= '                    <option>Record</option>';
            $str .= '                    <option>Digital</option>';
            $str .= '                    <option>Book</option>';
            $str .= '                    </select>';
            $str .= '                </div>';
            $str .= '                <div class="form-group">';
            $str .= '                    <label for="wlPrice">Ceiling Price:</label>';
            $str .= '                    <input type="text" class="form-control" id="wlPrice" />';
            $str .= '                </div>';
            $str .= '            </div>';
            $str .= '            <div class="modal-footer bg-primary">';
            $str .= '                <button id="saveEditedWl" type="button" class="btn btn-success" name="submit" value="Save">Save</button>';
            $str .= '<script nonce="' . base64_encode($_SESSION["nonce"]) .'">';
            $str .= 'document.addEventListener("DOMContentLoaded", function() {';
            $str .= '   document.getElementById("saveEditedWl").addEventListener("click", function() {';
            $str .= '        saveEditedWishlist();';
            $str .= '   });';
            $str .= '});';
            $str .= '</script>';
            $str .= '                <button type="button" class="btn btn-danger" data-dismiss="modal">Cancel</button>';
            $str .= '            </div>';
            $str .= '        </div>';
            $str .= '    </div>';
            $str .= '</div>';
            $str .= '</div>';
        }
        else {
            $str .= "<div class=\"container bg-warning text-center py-3\"><p class=\"display-6\"><i class=\"material-icons\">bookmark</i> Your wishlist is currently empty. Add matching albums from the search results.</p></div>";
        }
    }
    else if (mysqli_errno($conn)) {
        error_log("MySQL Read Wishlist SQL: " . $sql);
        error_log("MySQL Read Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");
    }

    return $str;
}

function deleteWishlist($uid, $id) {
    $conn = MySessionHandler::getDBSessionId();

    $id = mysqli_real_escape_string($conn, $id);
    $uid = mysqli_real_escape_string($conn, $uid);

    $sql = "DELETE FROM wishlist WHERE id = $id AND uid = $uid;";

    if (!($result = mysqli_query($conn, $sql))) {
        error_log("MySQL Delete Wishlist SQL: " . $sql);
        error_log("MySQL Delete Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");
        return -1;
    }

    return 0;
}

function updateWishlist($uid, $wlArr) {
    $nul = 'NULL';
    $conn = MySessionHandler::getDBSessionId();

    $modified = mysqli_real_escape_string($conn, time());

    $id = (empty($wlArr['id']) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr['id']) . "'");
    $uid = mysqli_real_escape_string($conn, $uid);
    $barcode = (empty($wlArr['barcode']) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr['barcode']) . "'");
    $title = isset($wlArr['title']) ? "'" . mysqli_real_escape_string($conn, $wlArr['title']) . "'" : "NULL";
    $artist = isset($wlArr['artist']) ? "'" . mysqli_real_escape_string($conn, $wlArr['artist']) . "'" : "NULL";
    $cond = isset($wlArr['cond']) ? mysqli_real_escape_string($conn, $wlArr['cond']) : "Any";
    $format = isset($wlArr['format']) ? mysqli_real_escape_string($conn, $wlArr['format']) : "Any";
    $currency = 'USD'; //bugbug
    $price = isset($wlArr['price']) ? "'" . mysqli_real_escape_string($conn, $wlArr['price']) . "'" : "NULL";

    $sql = "UPDATE wishlist
            SET modified='$modified', barcode=" . $barcode . ", title=" . $title . ", artist=" . $artist . ", cond='$cond', format='$format', price=" . $price . "
            WHERE id=$id and uid=$uid";

    if ($result = mysqli_query($conn, $sql)) {
        return 0;
    }
    else {
        error_log("MySQL Update Wishlist SQL: " . $sql);
        error_log("MySQL Update Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");
        return -1;
    }

    return -1;
}

function unsubscribeWishlist($arr) {
    if (empty($arr['id']) || empty($arr['email'])) {
        return "";
    }
    $conn = MySessionHandler::getDBSessionId();

    $modified = mysqli_real_escape_string($conn, time());

    $id = mysqli_real_escape_string($conn, $arr['id']);
    $email = mysqli_real_escape_string($conn, $arr['email']);

    $sql = "UPDATE users
            SET wlEmailFlag = '0'
            WHERE id=$id and email='$email'";

    if (!($result = mysqli_query($conn, $sql))) {
        error_log("MySQL Update Wishlist SQL: " . $sql);
        error_log("MySQL Update Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");
    }

    $str = "<div class=\"container text-center bg-warning p-3 rounded\">";
    $str .= "<p class=\"display-6 font-weight-bold\">The wishlist price check emails for " . $email . " have been turned off</p>";
    $str .= "<p>You can reinstate the emails at any time by setting the option 'Email Price Checks' for your account back to 'Yes'.</p>";
    $str .= "</div>";

    return $str;
}

function checkPriceMonitor() {
    if (empty($_SESSION['sessData']['userID'])) {
        unset($_SESSION['priceMonitor']);
        return -1;
    }

    $conn = MySessionHandler::getDBSessionId();

    $uid = $_SESSION['sessData']['userID'];

    $sql = "SELECT created, access
            FROM pricemonitor
            WHERE userId = '$uid'";

    if ($result = mysqli_query($conn, $sql)) {
        if (mysqli_num_rows($result) > 0) {
            if ($row = mysqli_fetch_assoc($result)) {
                $_SESSION['priceMonitor']['created'] = $row['created'];
                $_SESSION['priceMonitor']['access'] = $row['access'];
                if ($_SESSION['priceMonitor']['created'] > $_SESSION['priceMonitor']['access']) {
                    $_SESSION['priceMonitor']['newFlag'] = true;
                } else {
                    $_SESSION['priceMonitor']['newFlag'] = false;
                }

                return 0;
            }
        }
    }
    else if (mysqli_errno($conn)) {
        error_log("MySQL Read Price Monitor SQL: " . $sql);
        error_log("MySQL Read Price Monitor Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");
    }

    return -1;
}


function getPriceMonitor() {
    if (!isLoggedIn()) {
        return ('<div class="container bg-warning text-center py-3"><p class="display-6"><i class="material-icons">error_outline</i> Please login to your Find Cheap Music account in order to see the price monitor results.</p></div>');
    }

    $conn = MySessionHandler::getDBSessionId();

    $uid = $_SESSION['sessData']['userID'];

    $sql = "SELECT data
            FROM pricemonitor
            WHERE userId = '$uid'";

    if ($result = mysqli_query($conn, $sql)) {
        if (mysqli_num_rows($result) > 0) {
            if ($row = mysqli_fetch_assoc($result)) {
                $access = mysqli_real_escape_string($conn, time());
                $sql = "UPDATE pricemonitor
                        SET access = $access
                        WHERE userId = '$uid'";                
                if (!($result = mysqli_query($conn, $sql))) {
                    error_log("MySQL Update Price Monitor SQL: " . $sql);
                    error_log("MySQL Update Price Monitor Error: " . mysqli_error($conn) . " (" . $error . ")");
                }
                
                $html = gzdecode(base64_decode($row['data']));
                $html = str_replace(base64_encode("xxxNONCExxx"), base64_encode($_SESSION["nonce"]), $html);
                return ($html);
            }
        }
    }
    else if (mysqli_errno($conn)) {
        error_log("MySQL Read Price Monitor SQL: " . $sql);
        error_log("MySQL Read Price Monitor Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");
    }

    return ('<div class="container bg-warning text-center py-3"><p class="display-6"><i class="material-icons">bookmark</i> Your price monitor list is currently empty.</p></div>');
}